CN104753886B - Method for locking a remote user, unlocking method, and device - Google Patents

Publication number
CN104753886B
Authority
CN
China
Prior art keywords
request
unlocking
locking
client
account
Legal status
Active
Application number
CN201310750710.1A
Other languages
Chinese (zh)
Other versions
CN104753886A (en
Inventor
王妍
毛锐
胡波
丁楠
李志谦
徐国坤
Current Assignee
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Application filed by Institute of Information Engineering of CAS
Priority to CN201310750710.1A
Publication of CN104753886A
Application granted
Publication of CN104753886B

Landscapes

  • Storage Device Security (AREA)
  • Lock And Its Accessories (AREA)

Abstract

The invention discloses a method for locking a remote user, an unlocking method, and a device. It relates to the field of network communication technology and can solve the prior-art problem that lock and unlock operations on remote users are vulnerable to attack and offer poor security. The locking method includes: receiving a decryption password entered by the user for decrypting an account; if none of the decryption passwords entered within a preset number of attempts successfully decrypts the account, sending a first lock request to a security authentication server, the first lock request carrying client identity verification information; and, if the first lock request passes the audit of the security authentication server, locking the account.

Description

Method for locking a remote user, unlocking method, and device
Technical field
The present invention relates to the field of network communication technology, and in particular to a method for locking a remote user, an unlocking method, and a device.
Background
With the rapid development of information technology and the widespread use of computer networks, the degree of data sharing keeps increasing. Informatization is advancing by leaps and bounds and has become an effective means of making information more open, promoting the sharing of information resources, and improving administrative efficiency; while it changes the old manual way of working, people have also become increasingly dependent on computers. Some important information on networks has wide reach, and an error can have a huge impact and serious consequences. This is especially true of today's large cascaded networks, whose distribution can span interconnected levels such as central, provincial, municipal, and county, and of large office automation systems, where communication between higher and lower levels can proceed only after mutual trust has been established.
In view of the above, users are generally locked on the basis of security devices in order to achieve secure access to shared resources. Higher-end information security devices are programmable, that is, code stored in advance can be run inside the device. Information security devices generally implement their security functions with a security-design chip. When such security devices are chosen, a corresponding management server for user passwords and an application system must also be provided. When a user uses the security device, the user is required to enter the correct password, and only after verification succeeds is the user allowed to operate the application system normally. To prevent attackers from intruding into the system by brute-forcing the password, security devices generally provide a lock function, so that the user cannot continue guessing once the number of password entries exceeds a specified limit. However, a user may sometimes forget their own password and cause the account to be locked. If the user then wants to release the account's locked state, the device must interact with the management server of the application system; after the two complete a secure handshake, the management server of the application system issues an unlock code to the user, and the user unlocks securely with the unlock code.
However, in the above process a malicious illegitimate user can illegally lock a user's security device, which inconveniences legitimate users and may even cause irrecoverable loss. Moreover, a malicious attacker may obtain the unlock password by improper means and complete the unlock function, which poses a serious threat to network security.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method for locking a remote user, an unlocking method, and a device, so as to solve the prior-art problem that lock and unlock operations on remote users are vulnerable to attack and offer poor security.
To solve the above technical problem, in one aspect, the present invention provides a method for locking a remote user, including: receiving a decryption password entered by the user for decrypting an account; if none of the decryption passwords entered within a preset number of attempts successfully decrypts the account, sending a first lock request to a security authentication server, the first lock request carrying client identity verification information; and, if the first lock request passes the audit of the security authentication server, locking the account.
In another aspect, the present invention provides a method for locking a remote user, including: receiving a first lock request from a client, the first lock request carrying client identity verification information; auditing the first lock request; and, if the first lock request passes the audit, sending a second lock request to an application management server, the second lock request carrying the identity verification information of the security authentication server.
In another aspect, the present invention provides a method for locking a remote user, including: receiving a second lock request from a security authentication server, the second lock request carrying the identity verification information of the security authentication server; auditing the second lock request; and, if the second lock request passes the audit, locking the client account corresponding to the second lock request.
In another aspect, the present invention provides a method for unlocking a remote user, including: receiving a first unlock request entered by an administrator, the first unlock request carrying the identity verification information of the administrator; auditing the first unlock request; if the first unlock request passes the audit, sending a second unlock request to a security authentication server, the second unlock request carrying the identity verification information of the application management server; and, if the second unlock request passes the audit of the security authentication server, receiving an unlock command from the security authentication server and, according to the unlock command, performing application-server-side unlocking of the account corresponding to the second unlock request.
In another aspect, the present invention provides a method for unlocking a remote user, including: receiving a second unlock request from an application management server, the second unlock request carrying the identity verification information of the application management server; auditing the second unlock request; and, if the second unlock request passes the audit, sending an unlock command to the client and to the application management server respectively.
In another aspect, the present invention provides a method for unlocking a remote user, including: prompting the user to submit an unlock request for the account to an administrator; receiving an unlock command from a security authentication server; and performing client-side unlocking of the account according to the unlock command.
Optionally, unlocking the account according to the unlock command includes: auditing the unlock command; if the unlock command passes the audit, resetting to zero, according to the unlock command, the locally stored count of consecutive incorrect decryption-password entries; and resetting the decryption password.
In another aspect, the present invention provides a device for locking a remote user, including: a client lock receiving unit, configured to receive a decryption password entered by the user for decrypting an account; a client lock sending unit, configured to send a first lock request to a security authentication server if none of the decryption passwords entered within a preset number of attempts successfully decrypts the account, the first lock request carrying client identity verification information; and a client locking unit, configured to lock the account if the first lock request passes the audit of the security authentication server.
In another aspect, the present invention provides a device for locking a remote user, including: an authentication lock receiving unit, configured to receive a first lock request from a client, the first lock request carrying client identity verification information; an authentication lock audit unit, configured to audit the first lock request; and an authentication lock sending unit, configured to send a second lock request to an application management server if the first lock request passes the audit, the second lock request carrying the identity verification information of the security authentication server.
In another aspect, the present invention provides a device for locking a remote user, including: an application lock receiving unit, configured to receive a second lock request from a security authentication server, the second lock request carrying the identity verification information of the security authentication server; an application lock audit unit, configured to audit the second lock request; and an application locking unit, configured to lock the client account corresponding to the second lock request if the second lock request passes the audit.
In another aspect, the present invention provides a device for unlocking a remote user, including: an application unlock receiving unit, configured to receive a first unlock request entered by an administrator, the first unlock request carrying the identity verification information of the administrator; an application unlock audit unit, configured to audit the first unlock request; and an application unlock sending unit, configured to send a second unlock request to a security authentication server if the first unlock request passes the audit, the second unlock request carrying the identity verification information of the application management server. The application unlock receiving unit is further configured to, if the second unlock request passes the audit of the security authentication server, receive an unlock command from the security authentication server and, according to the unlock command, perform application-server-side unlocking of the account corresponding to the second unlock request.
In another aspect, the present invention provides a device for unlocking a remote user, including: an authentication unlock receiving unit, configured to receive a second unlock request from an application management server, the second unlock request carrying the identity verification information of the application management server; an authentication unlock audit unit, configured to audit the second unlock request; and an authentication unlock sending unit, configured to send an unlock command to the client and to the application management server respectively if the second unlock request passes the audit.
In another aspect, the present invention provides a device for unlocking a remote user, including: a client unlock prompt unit, configured to prompt the user to submit an unlock request for the account to an administrator; a client unlock receiving unit, configured to receive an unlock command from a security authentication server; and a client unlocking unit, configured to perform client-side unlocking of the account according to the unlock command.
Optionally, the client unlocking unit is specifically configured to: audit the unlock command; if the unlock command passes the audit, reset to zero, according to the unlock command, the locally stored count of consecutive incorrect decryption-password entries; and reset the decryption password.
In the method for locking a remote user, the unlocking method, and the device provided by the embodiments of the present invention, a security authentication server is added between the client and the application server, and the security authentication server audits lock requests and unlock requests and performs the corresponding identity verification. The corresponding lock or unlock operation is carried out on the account only if the request passes the audit of the security authentication server. This reduces the probability that information is intercepted or forged while requests are transmitted and ensures that the user locking or unlocking the account is a genuine legitimate user, which prevents an illegitimate user from locking an account by maliciously entering wrong decryption passwords or from unlocking it by impersonating the user, effectively keeps illegitimate users from performing illegal operations on shared network resources, and improves network security.
Brief description of the drawings
Fig. 1 is a flowchart of a method for locking a remote user provided by an embodiment of the present invention;
Fig. 2 is another flowchart of a method for locking a remote user provided by an embodiment of the present invention;
Fig. 3 is another flowchart of a method for locking a remote user provided by an embodiment of the present invention;
Fig. 4 is another flowchart of a method for locking a remote user provided by an embodiment of the present invention;
Fig. 5 is a flowchart of a method for unlocking a remote user provided by an embodiment of the present invention;
Fig. 6 is another flowchart of a method for unlocking a remote user provided by an embodiment of the present invention;
Fig. 7 is another flowchart of a method for unlocking a remote user provided by an embodiment of the present invention;
Fig. 8 is another flowchart of a method for unlocking a remote user provided by an embodiment of the present invention;
Fig. 9 is a detailed flowchart of the method for locking a remote user and the unlocking method provided by an embodiment of the present invention;
Fig. 10 is a structural diagram of a device for locking a remote user provided by an embodiment of the present invention;
Fig. 11 is another structural diagram of a device for locking a remote user provided by an embodiment of the present invention;
Fig. 12 is another structural diagram of a device for locking a remote user provided by an embodiment of the present invention;
Fig. 13 is a structural diagram of a device for unlocking a remote user provided by an embodiment of the present invention;
Fig. 14 is another structural diagram of a device for unlocking a remote user provided by an embodiment of the present invention;
Fig. 15 is another structural diagram of a device for unlocking a remote user provided by an embodiment of the present invention.
Detailed description
The present invention provides an authentication method and device for a ubiquitous terminal network, which are described in further detail below with reference to the drawings. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
As shown in Fig. 1, an embodiment of the present invention provides a method for locking a remote user. The method is client-based and may include:
S11: receive a decryption password entered by the user for decrypting an account;
S12: if none of the decryption passwords entered within a preset number of attempts successfully decrypts the account, send a first lock request to a security authentication server, the first lock request carrying client identity verification information;
S13: if the first lock request passes the audit of the security authentication server, lock the account.
In the method for locking a remote user provided by this embodiment, a security authentication server is added between the client and the application server, and the security authentication server verifies the identity of the client that sends the first lock request. The account is locked only if the first lock request passes the audit of the security authentication server. This reduces the probability that information is intercepted or forged while requests are transmitted and ensures that the user locking the account is a genuine legitimate user, which prevents an illegitimate user from locking the account by maliciously entering wrong decryption passwords, effectively keeps illegitimate users from performing illegal operations on shared network resources, and improves network security.
It should be understood that, in step S11, in order to control the user's permission to access the server, a user logging in to the server remotely from a local machine usually has to enter the correct account and the corresponding correct decryption password to decrypt the account before obtaining the corresponding login rights. The account can be entered simply by typing it in, or through a login medium such as a login card, which is read in by the terminal's card reader and login system. When a login card is used, the terminal first reads the login card's certificate type from a preset location in its registry and displays the application server login interface. It then communicates with the application management server and queries whether the status flag of this login card on the application management server is set to "locked". If it is set to "locked", this login card has for some reason been denied access by the application management server, and the user must have the account unlocked before it can be used again. If the status flag of this login card on the application management server is not set to "locked", the application management server can still accept the decryption password the user enters for this card, and a login to the application server with this login card can be attempted.
Specifically, in step S12, when the status flag is not set to "locked", a dialog box for entering the decryption password can be presented to the user, and the decryption password entered by the user is received in order to decrypt the login card. If the login card is decrypted successfully, the secure login is complete, and the user then logs in to the application server and operates it. If the password entered by the user fails to decrypt the login card, it is determined whether the number of consecutive incorrect decryption-password entries is within the preset number; for example, the number of consecutive failures of this card on the computer and the maximum number of consecutive failures allowed on the computer can be read from the local computer's registry. If the number of consecutive incorrect entries is within the preset number, the user is allowed to continue entering the decryption password; otherwise a first lock request carrying client identity verification information is sent to the security authentication server. Optionally, the user can also be prompted: "The number of consecutive password failures for your login card on this machine exceeds the range allowed by the system. To unlock it, place the card in the card reader and notify the administrator of the application management server to unlock it." The client identity verification information carried in the first lock request may optionally include the identity verification information of the client itself and may also include the identity verification information required when the user logs in to the system. The embodiments of the present invention do not limit this, as long as it allows the security authentication server to verify the client-related information more comprehensively.
In step S13, if the first lock request passes the audit of the security authentication server, the account is locked. After locking, the client's login system no longer offers the user a way to enter the decryption password.
Correspondingly, as shown in Fig. 2, an embodiment of the present invention also provides a method for locking a remote user. The method is based on the security authentication server and may include:
S21: receive a first lock request from a client, the first lock request carrying client identity verification information;
S22: audit the first lock request;
S23: if the first lock request passes the audit, send a second lock request to the application management server, the second lock request carrying the identity verification information of the security authentication server.
In the method for locking a remote user provided by this embodiment, a security authentication server is added between the client and the application server, and the security authentication server verifies the identity of the client that sends the first lock request. If the first lock request passes the audit of the security authentication server, a second lock request is sent to the application management server so that the application management server can lock the corresponding client account. This reduces the probability that information is intercepted or forged while requests are transmitted and ensures that the user locking the account is a genuine legitimate user, which prevents an illegitimate user from locking the account by maliciously entering wrong decryption passwords, effectively keeps illegitimate users from performing illegal operations on shared network resources, and improves network security.
Optionally, in step S21, the client identity verification information carried in the first lock request received from the client may include the identity verification information of the client itself and may also include the identity verification information required when the user logs in to the system. The embodiments of the present invention do not limit this, as long as it allows the security authentication server to verify the client-related information more comprehensively.
In step S22, the security authentication server audits the first lock request, which mainly means auditing and verifying the client identity verification information carried in the first lock request. Specifically, the security authentication server can store a list of, or rules for, the devices and users it approves; only when the client is a device approved by the security authentication server will the security authentication server accept the requests or commands sent by that client.
The security authentication server is an intermediate link in the login communication between the client and the application management server. It is mainly responsible for verifying the identities of both communicating parties and, whatever the verification result, must give feedback to at least one of them. For example, when the first lock request passes the audit, the security authentication server can send a second lock request to the application management server and carry its own identity verification information in the second lock request. The second lock request corresponds to the first lock request: in essence both are a lock request for the same account issued by the same client, and they differ only in the identity verification information they carry. The first lock request carries the client's identity verification information and the second lock request carries the security authentication server's identity verification information; that is, each request carries the identity verification information of its own sender.
Correspondingly, as shown in Fig. 3, an embodiment of the present invention also provides a method for locking a remote user. The method is based on the application management server and includes:
S31: receive a second lock request from the security authentication server, the second lock request carrying the identity verification information of the security authentication server;
S32: audit the second lock request;
S33: if the second lock request passes the audit, lock the client account corresponding to the second lock request.
In the method for locking a remote user provided by this embodiment, a security authentication server is added between the client and the application server, and the client's lock request is authenticated specifically by the security authentication server. The application management server receives the second lock request directly from the security authentication server and audits it; if the audit passes, it locks the client account corresponding to the second lock request. This reduces the probability that information is intercepted or forged while requests are transmitted and ensures that the user locking the account is a genuine legitimate user, which prevents an illegitimate user from locking the account by maliciously entering wrong decryption passwords, effectively keeps illegitimate users from performing illegal operations on shared network resources, and improves network security.
The application management server can determine the identity of the security authentication server from the security authentication server's identity verification information while auditing the second lock request. Once the audit passes, the client account corresponding to the second lock request can be locked. Optionally, the application management server can set the status flag it maintains for the account to "locked", which completes the locking of the account on the application management server side. If the audit does not pass, the application management server still has doubts about the second lock request, so it does not respond to the second lock request and the locking fails.
Moreover, in embodiments of the present invention, the locking of a user account can also be carried out actively by the administrator of the application management server; specifically, this can be implemented by the administrator actively setting the account's state in the application management server to "locked".
Furthermore, in the embodiments above, the method for locking a remote user mainly locks an account on one terminal, but embodiments of the present invention are not limited to this. In other embodiments of the present invention, the account can also be made unusable on multiple other terminals. Specifically, a card-lock flag can be maintained on the management server, and other servers synchronize this flag before login in order to determine whether the card is locked.
In one embodiment of the present invention, the detailed process of locking a remote user can be as shown in Fig. 4.
Corresponding to the locking method, as shown in Fig. 5, an embodiment of the present invention also provides a method for unlocking a remote user. The method is based on the application management server and includes:
S41: receive a first unlock request entered by an administrator, the first unlock request carrying the identity verification information of the administrator;
S42: audit the first unlock request;
S43: if the first unlock request passes the audit, send a second unlock request to the security authentication server, the second unlock request carrying the identity verification information of the application management server;
S44: if the second unlock request passes the audit of the security authentication server, receive an unlock command from the security authentication server and, according to the unlock command, perform application-server-side unlocking of the account corresponding to the second unlock request.
In the method for unlocking a remote user provided by this embodiment, the first unlock request received by the application management server is issued by the administrator. A locked user cannot apply to the application management server directly for unlocking and can only apply through the administrator, which effectively prevents illegitimate users from unlocking accounts and ensures secure access to the remote login system. In addition, a security authentication server is added between the client and the application server. Only after the second unlock request passes the audit of the security authentication server does the application management server receive the unlock command from the security authentication server and, according to the unlock command, perform application-server-side unlocking of the account corresponding to the second unlock request. This reduces the probability that information is intercepted or forged while requests are transmitted, effectively keeps illegitimate users from performing illegal operations on shared network resources, and further ensures the security of remote-user unlocking.
Optionally, in step S41, information can be transmitted between the application management server and the administrator over a secure channel established between the two, or using a security protocol or data format agreed between the two, to ensure secure communication between them.
In steps S42 and S43, the application management server audits the first unlock request it receives and, only after the request passes, sends the second unlock request to the security authentication server. Every request sent between two devices is accepted only after the receiving side has audited it, which ensures the security of information transmission.
In step S44, if the second unlock request passes the audit of the security authentication server, the unlock command from the security authentication server is received, and application-server-side unlocking of the account corresponding to the second unlock request is performed according to the unlock command. In this step the application management server receives the unlock command from the security authentication server, which ensures the security of the unlock command. Optionally, performing application-server-side unlocking of the account corresponding to the second unlock request according to the unlock command may specifically include setting the status flag of the account maintained in the application management server to "unlocked". Other approaches can of course also be used; the embodiments of the present invention do not restrict this.
Correspondingly, as shown in Fig. 6, an embodiment of the present invention also provides a method for unlocking a remote user, based on the safety certificate server, including:
S51: receiving the second unlocking request from the application management server, the second unlocking request carrying the identity verifying information of the application management server;
S52: auditing the second unlocking request;
S53: if the second unlocking request passes the audit, sending the unlocking command to the client and to the application management server respectively.
In the method for unlocking a remote user provided by this embodiment of the present invention, a safety certificate server is introduced into the unlocking process. The safety certificate server receives the second unlocking request from the application management server and audits it; only if the audit passes does it send the unlocking command to the client and to the application management server respectively, so that the client and the application management server each perform unlocking. This reduces the probability that information is intercepted or forged while requests are in transit, effectively prevents illegitimate users from performing illegal operations on shared network resources, effectively ensures the security of remote user unlocking, and improves network security.
Correspondingly, as shown in Fig. 7, an embodiment of the present invention also provides a method for unlocking a remote user, based on the client, including:
S61: prompting the user to submit an unlocking request for the account to the administrator;
S62: receiving the unlocking command from the safety certificate server;
S63: performing client unlocking on the account according to the unlocking command.
The method for unlocking a remote user provided by this embodiment of the present invention does not allow the user to submit an unlocking request directly to the application management server. Instead, the user is prompted to contact the administrator and submit the unlocking request for the account to the administrator, so that the administrator can verify the user's identity and exclude illegitimate users, which ensures the security of remote user login. In addition, a safety certificate server is introduced into the unlocking process, and the client receives the unlocking command from the safety certificate server. This reduces the probability that information is intercepted or forged while requests are in transit, effectively prevents illegitimate users from performing illegal operations on shared network resources, and effectively ensures the security of remote user unlocking.
Specifically, in step S63, unlocking the account according to the unlocking command may include:
auditing the unlocking command;
if the unlocking command passes the audit, resetting to zero, according to the unlocking command, the locally stored count of consecutive incorrect entries of the decryption password;
resetting the decryption password.
In this way, with reference to the decryption password input process in the locking procedure above, once the locally stored count of consecutive incorrect entries of the decryption password has been reset to zero, the user can again enter the decryption password when logging in to the system. Resetting the decryption password allows the user to obtain a new decryption password securely. Preferably, to ensure that the unlocking information cannot be stolen by illegitimate parties during network transmission, in the remote user unlocking method provided by the present invention only identity verifying information is transmitted among the client, the application management server and the safety certificate server. The unlocking information is stored at the login program end, and it becomes visible to the user only after the unlocking command from the safety certificate server has been received.
In one embodiment of the present invention, the detailed process of unlocking a remote user may be as shown in Fig. 8.
The method for locking and the method for unlocking a remote user provided by the present invention are described in detail below through a specific embodiment. As shown in Fig. 9, in this embodiment the security client is the client-side module that corresponds to the safety certificate server, the login module is the module on the user terminal used to log in remotely to the application management server, and both the security client and the login module belong to the client. When the number of consecutive incorrect entries of the decryption password by the user exceeds the preset number, the client sends a locking request to the safety certificate server; this first locking request carries client identity check information. After the audit passes, the safety certificate server sends a second locking request to the application management server; the second locking request carries the identity verifying information of the safety certificate server. After that audit passes, the status flag of the user account maintained by the application management server is set to "locked".
When a client user wants to unlock an account, the user first submits an unlocking request to the administrator of the application management server. After the administrator's audit of the user's identity passes, the administrator sends the first unlocking request to the application management server. After its audit of the first unlocking request passes, the application management server first unlocks the user's account on its own side and then sends the second unlocking request to the safety certificate server. After its audit of the second unlocking request passes, the safety certificate server sends the unlocking command to the client, and the client executes the unlocking procedure after auditing the unlocking command.
In Fig. 9 the application management server unlocks the user's account on its own side as soon as its audit of the first unlocking request passes, but embodiments of the present invention are not limited to this. To strengthen security, optionally, after its audit of the first unlocking request passes, the application management server may leave the user's account locked for the time being and instead send the second unlocking request to the safety certificate server. After its audit of the second unlocking request passes, the safety certificate server sends the unlocking command to the application management server and to the client respectively, and the application management server and the client each execute the unlocking procedure after auditing the unlocking command.
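The locking and unlocking exchange of this embodiment, as an added Python example that is not part of the patent. It follows the optional variant in which the application management server unlocks only on the unlocking command. Assumptions: an HMAC-SHA256 tag over per-party demo keys stands in for the identity verifying information, a string comparison stands in for decrypting the account, the preset number is 3, and all class, function and message names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo keys, one per party. Assumption: the patent does not say how
# identity verifying information is computed; an HMAC-SHA256 tag stands in here.
KEYS = {p: hashlib.sha256(p.encode()).digest() for p in ("client", "auth", "app", "admin")}

def make_request(sender, kind, account):
    """Build a request that carries the sender's identity verifying information."""
    body = json.dumps({"from": sender, "kind": kind, "account": account}, sort_keys=True)
    tag = hmac.new(KEYS[sender], body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def audit(msg, sender, kind):
    """Receiver-side audit: expected sender, expected request type, valid tag."""
    try:
        raw = msg["body"].encode()
        fields = json.loads(msg["body"])
        tag = str(msg["tag"]).encode()
    except (KeyError, TypeError, ValueError, AttributeError):
        return None
    if not isinstance(fields, dict) or fields.get("from") != sender or fields.get("kind") != kind:
        return None
    good = hmac.new(KEYS[sender], raw, hashlib.sha256).hexdigest().encode()
    return fields if hmac.compare_digest(good, tag) else None

class AppServer:
    def __init__(self):
        self.status = {}  # account -> "locked" / "unlocked" status flag

    def on_second_lock(self, msg):
        fields = audit(msg, "auth", "lock2")
        if fields is None:
            return False
        self.status[fields["account"]] = "locked"
        return True

    def on_first_unlock(self, msg, auth, client):
        # S41-S43: audit the administrator's request, then ask the auth server.
        fields = audit(msg, "admin", "unlock1")
        if fields is None:
            return False
        second = make_request("app", "unlock2", fields["account"])
        return auth.on_second_unlock(second, self, client)

    def on_unlock_command(self, msg):
        # S44: unlock only on a command that audits as coming from the auth server.
        fields = audit(msg, "auth", "unlock_cmd")
        if fields is None:
            return False
        self.status[fields["account"]] = "unlocked"
        return True

class AuthServer:
    def on_first_lock(self, msg, app):
        fields = audit(msg, "client", "lock1")
        if fields is None:
            return False
        return app.on_second_lock(make_request("auth", "lock2", fields["account"]))

    def on_second_unlock(self, msg, app, client):
        # S51-S53: audit, then send the unlocking command to both sides.
        fields = audit(msg, "app", "unlock2")
        if fields is None:
            return False
        cmd = make_request("auth", "unlock_cmd", fields["account"])
        return app.on_unlock_command(cmd) and client.on_unlock_command(cmd)

class Client:
    MAX_FAILURES = 3  # the "preset number"; the value is an assumption

    def __init__(self, account, password):
        self.account, self._password = account, password
        self.failures, self.locked, self.must_reset = 0, False, False

    def enter_password(self, attempt, auth, app):
        if self.locked:
            return "locked"  # no password entry is offered once locked
        if hmac.compare_digest(attempt.encode(), self._password.encode()):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            # Lock locally only if the first locking request passes the audit.
            if auth.on_first_lock(make_request("client", "lock1", self.account), app):
                self.locked = True
                return "locked"
        return "wrong"

    def on_unlock_command(self, msg):
        # S61-S63: audit the command, clear the failure count, require a reset.
        fields = audit(msg, "auth", "unlock_cmd")
        if fields is None or fields["account"] != self.account:
            return False
        self.failures, self.locked, self.must_reset = 0, False, True
        return True
```

Binding the request type into the tagged body means a valid locking request cannot be presented as an unlocking command; replay of an old message of the same type is outside what this example covers.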
Correspondingly, as shown in Fig. 10, an embodiment of the present invention also provides a locking device 1 for a remote user, including: a client locking receiving unit 10, configured to receive the decryption password entered by the user for decrypting the account; a client locking sending unit 12, configured to send the first locking request to the safety certificate server if the decryption passwords entered within the preset number of attempts fail to decrypt the account, the first locking request carrying client identity check information; and a client locking unit 14, configured to lock the account if the first locking request passes the safety certificate server's audit.
In the locking device 1 for a remote user provided by this embodiment of the present invention, a safety certificate server is added between the client and the application server, and the safety certificate server checks the identity of the client that sent the first locking request. The account is locked only if the first locking request passes the safety certificate server's audit. This reduces the probability that information is intercepted or forged while requests are in transit and ensures that the user who locks the account is a genuine legitimate user, which removes the possibility of an illegitimate user locking the account by maliciously entering wrong decryption passwords and effectively prevents illegitimate users from performing illegal operations on shared network resources.
Correspondingly, as shown in Fig. 11, an embodiment of the present invention also provides a locking device 2 for a remote user, including: an authentication locking receiving unit 20, configured to receive the first locking request from the client, the first locking request carrying client identity check information; an authentication locking audit unit 22, configured to audit the first locking request; and an authentication locking sending unit 24, configured to send the second locking request to the application management server if the first locking request passes the audit, the second locking request carrying the identity verifying information of the safety certificate server.
In the locking device 2 for a remote user provided by this embodiment of the present invention, a safety certificate server is added between the client and the application server, and the safety certificate server checks the identity of the client that sent the first locking request. If the first locking request passes the safety certificate server's audit, the second locking request is sent to the application management server so that the application management server can lock the corresponding client account. This reduces the probability that information is intercepted or forged while requests are in transit and ensures that the user who locks the account is a genuine legitimate user, which removes the possibility of an illegitimate user locking the account by maliciously entering wrong decryption passwords, effectively prevents illegitimate users from performing illegal operations on shared network resources, and improves network security.
Correspondingly, as shown in Fig. 12, an embodiment of the present invention also provides a locking device 3 for a remote user, including:
an application locking receiving unit 30, configured to receive the second locking request from the safety certificate server, the second locking request carrying the identity verifying information of the safety certificate server;
an application locking audit unit 32, configured to audit the second locking request;
an application locking unit 34, configured to lock the client account corresponding to the second locking request if the second locking request passes the audit.
In the locking device 3 for a remote user provided by this embodiment of the present invention, a safety certificate server is added between the client and the application server, and the client's locking request is authenticated by the safety certificate server. The application management server receives the second locking request directly from the safety certificate server and audits it; if the audit passes, it locks the client account corresponding to the second locking request. This reduces the probability that information is intercepted or forged while requests are in transit and ensures that the user who locks the account is a genuine legitimate user, which removes the possibility of an illegitimate user locking the account by maliciously entering wrong decryption passwords, effectively prevents illegitimate users from performing illegal operations on shared network resources, and improves network security.
Correspondingly, as shown in Fig. 13, an embodiment of the present invention also provides an unlocking device 4 for a remote user, including:
an application unlocking receiving unit 40, configured to receive the first unlocking request entered by the administrator, the first unlocking request carrying the identity verifying information of the administrator;
an application unlocking audit unit 42, configured to audit the first unlocking request;
an application unlocking sending unit 44, configured to send the second unlocking request to the safety certificate server if the first unlocking request passes the audit, the second unlocking request carrying the identity verifying information of the application management server;
the application unlocking receiving unit 40 being further configured to receive the unlocking command from the safety certificate server if the second unlocking request passes the safety certificate server's audit;
an application unlocking unit 46, configured to perform application-server-side unlocking of the account corresponding to the second unlocking request according to the unlocking command.
In the unlocking device 4 for a remote user provided by this embodiment of the present invention, the first unlocking request received by the application management server is sent by the administrator. A locked user cannot apply to the application management server directly for unlocking and can only apply through the administrator, which effectively prevents illegitimate users from unlocking the account and ensures secure access to the remote login system. Moreover, a safety certificate server is added between the client and the application server: only after the second unlocking request passes the safety certificate server's audit does the application management server receive the unlocking command from the safety certificate server and, according to that command, perform application-server-side unlocking of the account corresponding to the second unlocking request. This reduces the probability that information is intercepted or forged while requests are in transit, effectively prevents illegitimate users from performing illegal operations on shared network resources, and further ensures the security of remote user unlocking.
Correspondingly, as shown in Fig. 14, an embodiment of the present invention also provides an unlocking device 5 for a remote user, including:
an authentication unlocking receiving unit 50, configured to receive the second unlocking request from the application management server, the second unlocking request carrying the identity verifying information of the application management server;
an authentication unlocking audit unit 52, configured to audit the second unlocking request;
an authentication unlocking sending unit 54, configured to send the unlocking command to the client and to the application management server respectively if the second unlocking request passes the audit.
In the unlocking device 5 for a remote user provided by this embodiment of the present invention, a safety certificate server is introduced into the unlocking process. The safety certificate server receives the second unlocking request from the application management server and audits it; only if the audit passes does it send the unlocking command to the client and to the application management server respectively, so that the client and the application management server each perform unlocking. This reduces the probability that information is intercepted or forged while requests are in transit, effectively prevents illegitimate users from performing illegal operations on shared network resources, and effectively ensures the security of remote user unlocking.
Correspondingly, as shown in Fig. 15, an embodiment of the present invention also provides an unlocking device 6 for a remote user, including:
a client unlocking prompt unit 60, configured to prompt the user to submit an unlocking request for the account to the administrator;
a client unlocking receiving unit 62, configured to receive the unlocking command from the safety certificate server;
a client unlocking unit 64, configured to perform client unlocking on the account according to the unlocking command.
The unlocking device 6 for a remote user provided by this embodiment of the present invention does not allow the user to submit an unlocking request directly to the application management server. Instead, the user is prompted to contact the administrator and submit the unlocking request for the account to the administrator, so that the administrator can verify the user's identity and exclude illegitimate users, which ensures the security of remote user login. In addition, a safety certificate server is introduced into the unlocking process, and the client receives the unlocking command from the safety certificate server. This reduces the probability that information is intercepted or forged while requests are in transit, effectively prevents illegitimate users from performing illegal operations on shared network resources, and effectively ensures the security of remote user unlocking.
Specifically, the client unlocking unit 64 may be configured to: audit the unlocking command; if the unlocking command passes the audit, reset to zero, according to the unlocking command, the locally stored count of consecutive incorrect entries of the decryption password; and reset the decryption password.
It should be noted that the detailed operating principles of the locking devices 1, 2 and 3 and the unlocking devices 4, 5 and 6 for a remote user provided by the embodiments of the present invention have been described in detail in the method part above and are not repeated here.
Although preferred embodiments of the present invention have been disclosed for purposes of illustration, those skilled in the art will recognize that various improvements, additions and substitutions are also possible; therefore, the scope of the present invention should not be limited to the above embodiments.

Claims (14)

1. A method for locking a remote user, characterized by comprising:
receiving the decryption password entered by the user for decrypting the account;
if the decryption passwords entered within the preset number of attempts fail to decrypt the account, sending a first locking request to the safety certificate server, the first locking request carrying client identity check information;
if the first locking request passes the safety certificate server's audit, locking the account;
wherein, after locking, the client no longer provides the user with a means of entering the decryption password.
2. A method for locking a remote user, characterized by comprising:
receiving a first locking request from the client, the first locking request carrying client identity check information;
auditing the first locking request;
if the first locking request passes the audit, sending a second locking request to the application management server, the second locking request carrying the identity verifying information of the safety certificate server.
3. A method for locking a remote user, characterized by comprising:
receiving a second locking request from the safety certificate server, the second locking request carrying the identity verifying information of the safety certificate server;
auditing the second locking request;
if the second locking request passes the audit, locking the client account corresponding to the second locking request;
wherein the status flag of the account maintained by the application management server is set to locked.
4. A method for unlocking a remote user, characterized by comprising:
receiving a first unlocking request entered by the administrator, the first unlocking request carrying the identity verifying information of the administrator;
auditing the first unlocking request;
if the first unlocking request passes the audit, sending a second unlocking request to the safety certificate server, the second unlocking request carrying the identity verifying information of the application management server;
if the second unlocking request passes the safety certificate server's audit, receiving the unlocking command from the safety certificate server, and performing application-server-side unlocking of the account corresponding to the second unlocking request according to the unlocking command;
wherein performing application-server-side unlocking of the account corresponding to the second unlocking request according to the unlocking command comprises: setting the status flag of the account maintained in the application management server to unlocked.
5. A method for unlocking a remote user, characterized by comprising:
receiving a second unlocking request from the application management server, the second unlocking request carrying the identity verifying information of the application management server;
auditing the second unlocking request;
if the second unlocking request passes the audit, sending the unlocking command to the client and to the application management server respectively.
6. A method for unlocking a remote user, characterized by comprising:
prompting the user to submit an unlocking request for the account to the administrator;
receiving the unlocking command from the safety certificate server;
performing client unlocking on the account according to the unlocking command;
wherein, after unlocking, the user re-enters the decryption password when logging in to the system.
7. The method according to claim 6, characterized in that performing client unlocking on the account according to the unlocking command comprises:
auditing the unlocking command;
if the unlocking command passes the audit, resetting to zero, according to the unlocking command, the locally stored count of consecutive incorrect entries of the decryption password;
resetting the decryption password.
8. A locking device for a remote user, characterized by comprising:
a client locking receiving unit, configured to receive the decryption password entered by the user for decrypting the account;
a client locking sending unit, configured to send a first locking request to the safety certificate server if the decryption passwords entered within the preset number of attempts fail to decrypt the account, the first locking request carrying client identity check information;
a client locking unit, configured to lock the account if the first locking request passes the safety certificate server's audit;
wherein, after locking, the client no longer provides the user with a means of entering the decryption password.
9. A locking device for a remote user, characterized by comprising:
an authentication locking receiving unit, configured to receive a first locking request from the client, the first locking request carrying client identity check information;
an authentication locking audit unit, configured to audit the first locking request;
an authentication locking sending unit, configured to send a second locking request to the application management server if the first locking request passes the audit, the second locking request carrying the identity verifying information of the safety certificate server.
10. A locking device for a remote user, characterized by comprising:
an application locking receiving unit, configured to receive a second locking request from the safety certificate server, the second locking request carrying the identity verifying information of the safety certificate server;
an application locking audit unit, configured to audit the second locking request;
an application locking unit, configured to lock the client account corresponding to the second locking request if the second locking request passes the audit, and to set the status flag of the account maintained in the application management server to locked.
11. An unlocking device for a remote user, characterized by comprising:
an application unlocking receiving unit, configured to receive a first unlocking request entered by the administrator, the first unlocking request carrying the identity verifying information of the administrator;
an application unlocking audit unit, configured to audit the first unlocking request;
an application unlocking sending unit, configured to send a second unlocking request to the safety certificate server if the first unlocking request passes the audit, the second unlocking request carrying the identity verifying information of the application management server;
the application unlocking receiving unit being further configured, if the second unlocking request passes the safety certificate server's audit, to receive the unlocking command from the safety certificate server, to perform application-server-side unlocking of the account corresponding to the second unlocking request according to the unlocking command, and to set the status flag of the account maintained in the application management server to unlocked.
12. An unlocking device for a remote user, characterized by comprising:
an authentication unlocking receiving unit, configured to receive a second unlocking request from the application management server, the second unlocking request carrying the identity verifying information of the application management server;
an authentication unlocking audit unit, configured to audit the second unlocking request;
an authentication unlocking sending unit, configured to send the unlocking command to the client and to the application management server respectively if the second unlocking request passes the audit.
13. An unlocking device for a remote user, characterized by comprising:
a client unlocking prompt unit, configured to prompt the user to submit an unlocking request for the account to the administrator;
a client unlocking receiving unit, configured to receive the unlocking command from the safety certificate server;
a client unlocking unit, configured to perform client unlocking on the account according to the unlocking command;
wherein, after unlocking, the user re-enters the decryption password when logging in to the system.
14. The device according to claim 13, characterized in that the client unlocking unit is specifically configured to:
audit the unlocking command;
if the unlocking command passes the audit, reset to zero, according to the unlocking command, the locally stored count of consecutive incorrect entries of the decryption password;
reset the decryption password.
CN201310750710.1A 2013-12-31 2013-12-31 It is a kind of to the locking method of remote user, unlocking method and device Active CN104753886B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310750710.1A CN104753886B (en) 2013-12-31 2013-12-31 It is a kind of to the locking method of remote user, unlocking method and device

Publications (2)

Publication Number Publication Date
CN104753886A CN104753886A (en) 2015-07-01
CN104753886B true CN104753886B (en) 2018-10-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant